Thanks for that, sounds good to me. On Thursday, 13 November 2025 at 18:20:12 UTC+1 [email protected] wrote:
> Makes sense to me, thanks for doing this. > > On Thu, 13 Nov 2025 at 16:39, '[email protected]' via Jenkins > Developers <[email protected]> wrote: > >> Hello everyone, >> >> Like I did (with Damien) about three years ago [1], I would like to >> remove some permissions / clean up the Core [2] and Release [3] teams we >> have in the jenkinsci organization in GitHub. >> >> I heard your feedback (thanks, Tim) suggesting that I open a discussion >> here instead of doing it directly. The only problem I have with that is >> that I don't want to make anyone feel blamed by putting their name on a >> list. >> >> Why do this? >> => Reducing risks and cleaning up. There are frequent phishing attacks >> and credentials leaks that could cause a supply chain attack against the >> project. >> >> Why Core/Release? >> => They both grant write permissions to jenkinsci/jenkins (Jenkins core). >> >> Who's affected? >> => Individuals with no activity (reviews, commits, or merges) on the >> related repositories for the last 12 months. Currently, two people in Core >> and five in Release (including some who will remain part of Core). If >> you're worried about your permissions, that's already a good indicator that >> you're still active and unlikely to be on the list. But if you want to be >> sure, feel free to send me an email. >> >> Can I rejoin? >> => Yes, you're more than welcome to. Damien will securely store the >> screenshots of the team compositions (encrypted) so the board members or >> officers can quickly restore access if someone wants to contribute again. >> >> *My approach:* >> - Open this thread, seeking opinions/suggestions >> - Send email, WhatsApp, LinkedIn, or other messages to the individuals >> concerned (within one hour) >> - If there's no response (or an acceptance) within about one week (by >> Wed, Nov 19), I'll remove their accounts from the Core or Release teams. >> >> Best regards, >> >> Wadeck Follonier, Security officer >> >> [1] >> https://groups.google.com/g/jenkinsci-dev/c/8cy8w7ZqyB8/m/eZfaenQzEAAJ >> [2] https://github.com/orgs/jenkinsci/teams/core >> [3] https://github.com/orgs/jenkinsci/teams/release >> >> CONFIDENTIALITY NOTICE: This email and any attachments contain >> confidential and proprietary information of CloudBees intended only for the >> named recipient(s). Unauthorized use or distribution is prohibited. If you >> received this in error, please notify the sender and delete this email. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/d/msgid/jenkinsci-dev/3e322521-29a7-46d4-9901-1575c9ce1af2n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-dev/3e322521-29a7-46d4-9901-1575c9ce1af2n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/jenkinsci-dev/4e1e8eee-d567-4aea-8841-6ed8c58fef0cn%40googlegroups.com.
